Annex — Details of the problem statements

Ref: 1
Theme: Governance, Risk and Compliance (GRC) — Maintaining an inventory of all internal and external compliance obligations
Problem statement:

How might we use technology to optimise regulatory compliance specifically related to:

• Automating and streamlining the process of finding and assessing new regulations to be reviewed;
• Making available an up-to-date list, accessible by all, of the relevant bank-wide regulatory obligations indicating responsibility and how those responsibilities will be met; and
• Deliver assurance on and monitoring of the above-mentioned controls.

This will ensure institutions comply in full, while saving time and costs.

Ref: 2
Theme: Conduct & customer protection — Product Due Diligence & Risk Rating
Problem statement:

How might we use technology to support financial product developers as well as risk and compliance teams with their product due diligence and product risk rating assessments, specifically:

• Data collection given product data can take many forms and the process of collection is not standardised;
• Interpretation of requirements especially for complex products and from both the customer and the organisation (reputational) points of view;
• Consistent Product Risk Rating modelling, ensuring standard application of relevant requirements across different products;
• Maintenance of supporting platform and compliance process including ongoing product due diligence and risk rating assessments; and
• Making real time product info e.g. risk ratings available to Relationship Managers and other frontline staff to ensure compliant selling process.

Ultimately the solution(s) will save product, risk and compliance teams time, and ensure compliance while protecting customers from being offered unsuitable products/ not receiving the relevant full disclosures.

Theme: Conduct & customer protection - Customer data privacy
Problem statement:

With many data breaches occurring due to internal issues rather than external factors and with the significant increase in employees working remotely during the pandemic, how might we use technology-based solutions to help banks protect customer data and privacy especially in addressing increasing concerns around cyber risks and related regulatory compliance.

This problem statement is not concerned with monitoring for employee productivity purposes but rather, focused on employee security, risk and compliance aspects.

Some specific solution features could include:

• Analyse anomalies around data access and usage;
• Alert potential security breaches;
• Detect leaks and prevent data loss/ notify relevant parties where appropriate; and
• Remote data deletion/ recovery.

Theme: Risk Management — Stress Testing
Problem statement:

Stress testing in banks is strategically important and it is a requirement from regulators to model specific scenarios and report on the outcomes. A broad variety of risks are modelled at different frequencies including for example large exposures, market, liquidity, credit, reputational and strategic risk.

How might we, through a technology solution, support the delivery of the stress testing requirements by the different risk, compliance and business unit teams and reduce the resources required by for example:

• Integrating and consolidating different requirements for coordinated stress testing result delivery;
• Standardise outputs in a consistent manner and bring efficiencies to the stress testing processes; and
• Consolidate data requirements for different stress tests and ringfence the datasets required to be managed and updated centrally for easy access when running the models.